Security News > 2021 > February > Microsoft Says Its Services Not Used as Entry Point by SolarWinds Hackers
In response to speculation that its services may have been leveraged as an initial entry point by the hackers who breached IT management firm SolarWinds, Microsoft said on Thursday there was no evidence to back those claims.
Reports, including from several mainstream media publications, have speculated about the role of Microsoft services in the SolarWinds attack and other operations conducted by the same threat group.
In a blog post published on the SolarWinds website on February 3, Ramakrishna said that while the attackers did leverage Microsoft services as part of the attack, the investigation so far leads them to believe that "The most likely attack vectors came through a compromise of credentials and/or access through a third-party application via an at the time zero-day vulnerability."
The U.S. Cybersecurity and Infrastructure Security Agency revealed recently that many of the organizations targeted by the SolarWinds hackers were breached through attack vectors that did not involve the SolarWinds supply chain attack, leaving many to speculate that Microsoft services may have been abused.
Microsoft said on Thursday that while data hosted in Microsoft email and other services was targeted by the hackers "Post compromise," it had found no evidence that its services were used as an initial entry point into the systems of organizations, claiming that the attackers apparently gained privileged credentials "In some other way."
After the SolarWinds supply chain attack came to light, Microsoft said it had notified some customers about suspicious activity related to their Azure and Microsoft 365 accounts.